How to fix potential security vulnerability in a dependency defined in package-lock.json
13 September, 2018 | 1 min read
Today I got assigned a ticket and it consisted in fix a vulnerability that github was complaining about, it was located in package-lock.json saying that this file has some vulnerabilities, I removed the file and tried to run
npm install command alone which didn’t work, so I had to find another solution, not always you have to invent the wheel but instead know where you can find the information.
This was the message:
A dependency defined in package-lock.json has known security vulnerabilities and should be updated.
So I found this solution I would like to share with anyone having this issue:
Run this commands in order
npm install <dep>
npm uninstall <dep>
package-lock.jsonand push to proper branch with the changes we just did by running the previous commands
That’s it for me it worked like a charm, check it and let me know what you think !! :) Thanks for reading this post if you have questions feel free to let me know, the best